Into a world already crowded with big-name alternatives to OpenSSL, an indy project could look like “yet another SSL implementation,” but Vulture South suspects there are good reasons to take a close look at the just-launched BearSSL.
One is that its author, Thomas Pornin, has ignored the kinds of legacy protocols that occupy …

Dell has filed the regulatory paperwork to confirm the sales of its software and services arms.
Dell Software yielded approximately $2.425b of cash and Dell Services brought $2.990b through the door, a total of $5.415b.
Dell bought Quest Software for $2.36b and bundled some of its other code into its software unit, so looks …

Apple has published security updates for Xcode, iCloud for Windows, and iTunes for Windows.
Xcode 8.1 plugs holes the Xcode server inherited from Chrome, OpenSSL and node.js. Apple's announcement is here.
There's a bunch of OpenSSL patches to start with:
CVE-2016-0705 in OpenSSL is better known as the DROWN bug that let …

A new compliance team which will address the "risks" associated with the changing nature of employment is to be established within HM Revenue and Customs (HMRC).
Financial secretary to the Treasury Jane Ellison confirmed the measure in a letter to Frank Field, the Labour MP who chairs the House of Commons Work and Pensions …

Comment
We've learnt how the EMC organisation has been fitted into its new Dell house, at least at a top exec and product level, and here is an org chart set to show what we believe we know.
At the top is Dell Technologies, and that's split into seven product area entities. Dell Client Solutions is the notebook and PC business unit. …

Researchers at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely.
The boffins also demonstrated again that 1,024-bit primes can no longer be …

Wherever you look there's yet another SME or enterprise migrating to Office 365. This says a lot for the attractiveness of cloud-based office suites, and perhaps it also says something about the attractiveness of letting someone else look after one's SharePoint and Exchange servers rather than having to fight with their …

Since word spread that Yahoo! backdoored its own email servers for US intelligence services, we've heard from rival webmail providers denying they have put in place similar arrangements.
That Yahoo! has a cosy relationship with the Feds is not surprising, especially given what we know about PRISM and Section 702 of the Foreign …

Open Whisper Systems – the secure messaging firm set up by respected crypto anarchist Moxie Marlinspike – has published the results of a federal subpoena and shown that the Feds got very little for their trouble.
OWS builds Signal, the secure messaging and phone service that builds in end-to-end encryption and a host of other …

A running gag in the HBO sitcom Silicon Valley points out that every other technology company has “making the world a better place” as its mission statement. Add Dell to that list: the leaders of the company's Asia-Pacific limb yesterday used more or less that mantra to explain the company's next moves.
In a conference …

Millions of internet-facing devices – from home broadband routers to industrial equipment – are still sharing well-known private keys for encrypting their communications.
This is according to research from SEC Consult, which said in a follow-up to its 2015 study on security in embedded systems that the practice of reusing …

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns.
Fraudsters and crooks can take these clones and generate the codes necessary to log into bank accounts and other online services as their victims.
Banks are increasingly relying on …

Cisco PIX firewalls can be made to cough up their VPN configurations and RSA private keys, allowing network eavesdroppers to decrypt secure connections.
The NSA's Equation Group exploit code – leaked online this week – includes a tool called BENIGNCERTAIN that crafts and sends a special Internet Key Exchange (IKE) packet to …

Fortinet has laid off 100 sales and marketing staff along with an unknown number of executives, as part of a company-wide restructure that has axed about two percent of its workforce.
The job losses flow from the company's acquisition of IT operations analytics outfit AccelOps in June 2016.
Fortinet told The Register in a …

Black Hat
Neil Wyler and Bart Stump are responsible for managing what is probably the world’s most-attacked wireless network.
The two friends, veterans among a team of two dozen, are at the time of writing knee deep in the task of running the network at Black Hat, the security event where the world reveals the latest security messes. …

RSA Asia
Activist pop star Sir Bob Geldof hates Pokemon Go, Facebook and Twitter, has never bought anything online, and uses a Nokia 3100 which he says avoids the need for mobile security.
The muso and Irish punk-now-pop icon took aim at the meaningless obsessions of the modern world during a …

Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the arms control pact the Wassenaar Arrangement, as they fear the document's terms are a threat to the information security industry.
The pitch is the result of brainstorming by the group to redefine …

RSA APAC
A closed-door meeting of cabinet ministers from more than a dozen countries met yesterday to mull the creation of a Europol-style organisation to crack down on cyber crime in the region and abroad, The Register has learned.
The Asian organisation is conceptual only, but has support from countries including China, Malaysia, …

VPN provider Private Internet Access (PIA) says its servers have been seized by the Russian government, so has quit the country in protest at its privacy laws.
The company has sent an e-mail to users claiming some of its servers have been seized, even though the enforcement regime – in which all Internet traffic has to be …

Special Report
If the fMRI brain-scanning fad is well and truly over, then many fashionable intellectual ideas look like collateral damage, too.
What might generously be called the “British intelligentsia” – our chattering classes – fell particularly hard for the promise that “new discoveries in brain science” had revealed a new …

Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor.
The software, called EasyDoc Converter.app, is supposed to be a file converter but doesn't do its advertised functions. Instead it drops complex malware onto the system that subverts the security of the …

Android's full-disk encryption on millions of devices can be cracked by brute-force much more easily than expected – and there's working code to prove it.
Essentially, if someone seizes your Qualcomm Snapdragon-powered phone, they can potentially decrypt its file system's contents with a friendly Python script without knowing …

Oracle's Sparc S7 processor codenamed Sonoma will not feature on-chip InfiniBand interfaces as expected.
The CPU, designed for scale-out systems and revealed in detail by The Register in August, was due to sport an integrated InfiniBand controller capable of shoveling 28GBit/s directly between the processor and other nodes and …

Crooks are using social networks like Facebook to offer free samples of stolen credit cards.
Facebook is “not proactive enough” in dealing with the threat, according to Daniel Cohen, head of anti-fraud service for RSA in Israel.
A simple search of “cvv2” inside Facebook turns up several stolen credit card freebie sample …

Discerning secret crypto keys in computers and gadgets by spying on how they function isn't new, although the techniques used are often considered impractical.
A new paper demonstrates this surveillance can be pretty easy – well, easier than you might imagine – to pull off, even over the air from a few metres away.
We all …

Back in the day I used to work for a multi-national company with a big presence in the US. I learned a lot there, from the usefulness of a BA silver card to how to run the tendering process for a big global WAN.
I also learned what a big deal our US cousins make of their data export regulations.
This doesn't mean, of course, …

AusCERT
In March 2011, a suspected-to-be-Beijing-backed hacking unit infiltrated security giant RSA, successfully subverted its SecurID product and hacked top American defence contractor Lockheed Martin.
That attack left Bill Duane stressed and exhausted. Duane is a quiet cryptologist who co-developed the SecurID token. As the …

IBM is teaming up with eight North American universities to further tune its cognitive system to tackle cybersecurity problems.
Watson for Cyber Security, a platform already in pre-beta, will be further trained in “learning the nuances of security research findings and discovering patterns and evidence of hidden cyber attacks …

The internet's DNS root zone is about to get more secure with the rollout of a 2048-bit zone signing key (ZSK), in place of today's 1024-bit RSA key.
The change reflects a gradual increase in the digital security of this critical piece of internet infrastructure. With the recent introduction of DNSSEC, the 1024-bit ZSK now …

Your mission, should you choose to accept it, is to help the National Institute of Standards and Technology (NIST) defend cryptography against the onslaught of quantum computers.
It hasn't happened yet, but it's pretty widely agreed that quantum computers pose a significant risk to cryptography. All that's needed is either a …

Michael Dell has written to his staff to tell them that Dell will soon become known as “Dell Technologies”. Except for the bit of Dell that sells PCs, which will be called “Dell”, and the bit that sells to the enterprise, which will be called “Dell EMC”.
Confused? Here's how Dell the man said it in his letter:
“Dell …

Ireland’s anti-discrimination quango has rejected claims that Pastafarianism is a religion after an Irishman insisted on wearing a colander for his driving licence photograph.
Two followers of the church of the Flying Spaghetti Monster celebrated the first officially sanctioned Pastafarian wedding in New Zealand earlier this …

+Comment
EMC saw many pockets of growth in its first fiscal 2016 quarter’s results but overall revenues declined because core legacy product revenues fell, as did RSA and the enterprise content business.
These declines more than offset the impressive growth rates of newer products.
In the EMC earnings call, CEO and chairman Joe Tucci …

The NewPosThings malware has spawned an offspring that exploits the DNS protocol to sneak data past firewalls.
The VXers have reasoned DNS has a couple of advantages for data exfiltration. Since the enterprise network can't talk to the Internet without it, it's unlikely to be blocked; and since it's probably thought of as more …

Eggheads at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) claim they have trained a machine-learning system to detect 85 per cent of network attacks.
To reach that level, the software, dubbed AI2 [PDF], parsed billions of lines of log files, looking for behaviors that indicate either a malware infection …

Cryptography is dead hard. But being conversant in the key aspects of cryptography – to the extent that you could even explain some of it to colleagues and management – puts you one step ahead of most. Here are five things that'll make you sound like you know what you're talking about.
1. Digital certificates
The most common …

Watercooler
– On Sunday, we were warned that hackers could read our iMessages texts, photos and videos. Should I be worried?
As it turns out: no. If you're even a little curious about cryptography and secure programming, though, it should interest and amuse you. On Sunday, the Washington Post learned that Apple had fixed a flaw in the …

Another US hospital has had its records scrambled by ransomware trying to extort money from the sawbones. This time: it's the Methodist Hospital in Kentucky that's been infected.
"We've notified the FBI, we're dealing with federal authorities on how to deal with it," the hospital's chief operating officer David Park told local …

Researchers have broken the encryption schemes used in mobile money transfers by “sniffing” electromagnetic radiation from smartphones.
The work, by researchers from the Check Point Institute for Information Security at Tel Aviv University and the University of Adelaide, offers further evidence that TEMPEST-style side channel …

Interview
Secure email service ProtonMail has come out of beta and re-opened free registration to all for the first time in almost two years.
Applications to join the invite-only service had been backed up almost since the day it launched, as the free encrypted mail service quickly reached its upper capacity of users and struggled to …

Dell and EMC have agreed on the documentation to be put to the latter's shareholders at a forthcoming meeting that will vote on the merger of the two companies. And the document reveals that Dell plans to sell off some non-core businesses after the merger.
The document in question is a Form S-4, one of the many regulatory …

In this article I'm going to talk about the second most important aspect of being an IT manager or engineer. “The second?” I hear you cry. Yes, the second, because the most important aspect is terribly dull and doesn't take 800 words to describe: safety. (And if you think I'm mad, ask yourself whether you'd break down the door …

Analysis
In the technology field, many people like to think that they are at the forefront of human development, but it is becoming clear that the industry is failing when it comes to dealing with sexism against women.
In January, a survey from Stanford University of women who'd spent at least ten years in the tech industry found that …

Response to the critical web-crypto-blasting DROWN vulnerability in SSL/TLS by cloud services has been much slower than the frantic patching witnessed when the Heartbleed vulnerability surfaced two years ago.
DROWN (which stands for Decrypting RSA with Obsolete and Weakened eNcryption) is a serious design flaw that affects …

Storage drive biz Seagate is lousy at keeping its own data safe: it accidentally handed over the crown jewels of its employees' private information to persons unknown.
A Seagate employee was fooled by an email that masqueraded as an internal memo from the CEO: the message requested people's W-2 forms, and the worker duly …

RSA 2016
Dell SecureWorks duo Joe Stewart and James Bettke have created a free honeypot loaded with fake domain credentials in a bid to help admins trap and block attackers.
The researchers built the Domain Controller Enticing Password Tripwire (DCEPT) tool designed to help organisations unmask hackers and shore up defences ahead of …

RSA 2016
This year's RSA conference was the busiest on record, with over 40,000 people cramming the halls (and later, bars) of San Francisco, and more than a few of them were raising glasses to NSA whistleblower Edward Snowden.
"The Snowden effect has had an undeniable effect on the business," Pravin Kothari, CEO of cloud encryption …

The French parliament has voted in favor of punishing companies that refuse to decrypt data for government investigators – by threatening businesses with big fines and possible jail terms for staff.
This comes amid the FBI's high-profile battle with Apple in the US to unlock a dead killer's encrypted iPhone.
French deputies …